Corporations, government agencies, and personal users are suffering from wholesale data exfiltration, privacy breaches, and system downtime due to attacks from malicious software, or malware. Networks often utilize a layered defense to malware attacks, which includes antivirus software, firewalls, and intrusion protection systems. Malware implants are often stored in a computer system without the knowledge or consent of the operator of the computer system. The majority of current network security solutions detect malware using heuristic signature-based detection. Signature-based detection consists of searching for known patterns of data in storage. Since signature-based detection systems focus on specific malware characteristics for discovery, such systems often require constant scanning of large amounts of data. Additionally, it is difficult for traditional signature-based detection systems to detect new malware that has not been analyzed and stored in a signature database. In some cases, a malware may lie dormant until it is remotely activated (e.g., to transmit data of the infected host to a remote location). A traditional malware detection system may be able to only detect the dormant malware only after it becomes active in memory and causes damage. Therefore, there exists a need for improved malware detection.